last executing test programs: 4m24.21867904s ago: executing program 0 (id=335): syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00I'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0xb, &(0x7f0000001140)=ANY=[], 0x0) ioctl$BTRFS_IOC_ADD_DEV(r1, 0x40085507, &(0x7f00000000c0)={{}, "c4005a51cf48a456fe399e96793568de827d6e3af15928143f77a2c2bf19506fac2c94a8808e7365569e94b6012f452ddbdb4acaadf3199a4fa57eab4549a87e05bb9a155f3d08704dc753cff79d5128dc113e58ecd5a19e0bc7bef139e74acaed4f126be4cc57e22d44a734c7f2c44b2b2dc3ecfb59318827549e5b2679b3cc4f9e5df2bc30b674fb5f8e181e7dab6cc37989c9911a3d5b32ac444ebf78c76d68c313ed1bcaa4bfcdddc200878c72704b48f4cda8c86a41c703694c1e57aaf73751f45d5ed54010c14c30ea8ca2f620ab57b6ad6bdf3263aeab2de44576b10a1040c6cc84fcf2cb5037e025b227baf26e0c5bda231531365c778ef42bc49fd603b98b7b5173f2f1669834e8cd5167092f5d56e6c2623165710ec863179f143dba38551641ea77676773f3a18e97ada500fe448f172e6e714e16079d8233626d4c5c08c9117c5872c5d815ae0d481c25f2cfd2c76c6723e5ee78d5941b7d49e3d123294dd4c04c2691c5d086393047e3fd027daebf2114d1e9da89a36a49f7a411638060e87593ed8e45fb4292ff888e2eb7b776c9428623a34454eb2f11a47b43707e4b161faa8b8dc0d9cb2a0ac253ab41d0172190749ae06af564cabff5a0ba5df004c44138b49d2e17944f6588839fdedcf6ddef583df85490fa3a956e416e02943d56f734c3d3aa8b4898544e8f417c79bb5532b4ab2393c6723488c627a285686a0dac4cd6df370ab806b80f251256cfc058f8c2c2b46dca533048a18315caca12ad5915f077285ffbe1a4b5f46f2af4e45695348200e1f5a57a698acae6b4f6124fc076af5f40c3461e91b2639a84be51abe62d27cde1642731d31ae1264d20a21011bd221f8d0e4fc9835ccb61405e1ba6fcd48b9d3487909f89a0f40f91abfd3d33876b707d908bd2b076d37f5b2e2d530210e3930cf0418c3a7d8d4ac8cd16b4d2b2d4ebf6134c88813a808d82c86a20b7beb6534bb112b374d5b0a2beacb4e37872a2df879ebd568f0b20ce7d4aeb5ef6c960093b8a3d0e0332d821fdd099269364539d876caf78e60232baf7cc26589453666f17f94ac05fc2b752546a9586f9f18288e5944effa6f912709652113377ee14d949842910b0af467706b42d969908840fe55857f526694cdacb7735f2e0bdc49ca50ca57193aec63535f679e1486185bae007a7cd345bf8d7428e1a2881f6d327ee34ef0bbd67b51d25000fc59ed894c001ca327898dc4a3e7c33e20542772f31e7f125eedec11604b6569f051e643bff91d616284d2ea0f25320c22caba4d681781a13bf341dc22f882540aaab75d5bba9bbfe8aa960705d1d903a7ed8b7a14cc18b2ec9d1640ba3b6cf9c2a6cde4f7b23d1eb42fa57d2b2206c6cd6f84a5b7d682a09064e341c844edd3361f2e457a5057e1c3d97916190d9749adbadb70797f1729cc01c6146a23942e245021fe02748e2235582b36df8236c8b25fa94d1ed7e495f0df447b36f609b17526b2c8c43f1ded38f99344f2553fd911deed701d89fdf92ed6368d74f6f09ce2d26a3916f28eda4fac022f043aff14bab96f3841980533b2f935cfe7e40ad9cc77557d50a32a73aa71ae37a0cece6580887608d028b55fa7a1a1cf214098fe13c1a32ee5890e3d2c9a4d23041f89bac353aa1641df4375080b2181555e9667082a35b041645be39a47298b747eed9d127d8d342b620d0ecd2a48a86bd7dbfa04b3cfad62f5b1055b2259dc64b02d27599fff87c8303b47174e3ee66645d1eaaa05d63bad90ef4fdb97d21b478b37c313571d5776495460b57ba25dc2a5def286c8e81a3fdaa3dfb1dfb9deec86aa3629a03b9722bd95a96972a32552ba5d74f03989c73598b3ba0ef19151631ba4cf90d1bcc35c7cd2fecd6c271564df5ed232581417488454f5878f09523ce1b966162808d13a86872ad04bc777544ae4477459d197c6aaecf52e229a6cc94d151e014b589311f8e5bb7eb57605a80c11a7df2110b70735ae34a21e467f7bd8c3f81c1f9dfcf9464365566786b086637717df597c05b45249b04faa2269ca5a3fca2f1797682f24a34c9f70c27b6dd47fe9f6f006c934481524985afeec903f160c4e2c36c2bbe2081ff33733ca17ca2a2d794fd3af80d5a1adcbfa384e1ba851f4a554433e532f321b332d640513c9df326ddaa4691201f94d1b4b82b82f9bb986e00242fce6588d906cd820640a59707cecf78533496fdc49d90effde5769812ae474ef31adb849542ef23359a640eeeadecf273713a46e96c836823012fc190c8d1dd88d965fbe11074da36375c11fedc648160b55b8b8bc830b72a6f98b1396a72d96f06fab40ddd4729dc162d30e8a34c4041cc22fd62eb501fa685ae7d53376cca12e40f53edd0ae8abbb666c75a6ca8658b4ef8810931158868afb757831d14e81cdadc995fcb98e2da29300480ca03494f81b59985dbe3da8634a3c4a00626d08d6f1f997ccd63a1a103d292d29cdf15b2c4bca2f34ba406a47d9a184ed712356257ec45aa9a8ed8b8daca20f6a2edb1494a2af100000000000000006f1bfeb0edfdb1f10b66753f3fe900b95be3aafbfb5e2976de8b2c6b485243770da0cdc8f4d7384b6f39817f5661429442b20cab08cc28cf814ebf10d7ad4de140241ec169d70781524127a9454e5f1ee9fd5652818683a2f7ff0b11c8fea2ff7398e01df48c8eb62123f2630d561470003d020f4cc8923654fcf65d400ed0792af6bf1876099951e938adc275f47b9ba178b8ae3e9b295fab66c144ad8ad2fd29bced367833b76b2f0ded8dfead5dfccfc9ba2d658688abeb41f53eaf6efa82e5947f8d7a6e1010517032443507f5bd419317324000ca02e49db1cb985f8f11149496bfe54629f3f759c3100e0ab50c95446fd390a87b884930763ac810bdcdaee81b64343b955eba24d34d816bcf3eb5df1b6b44317e033a9015640942da607e3ea61727b97eab7511ff680dc5f4e54fa19e07c0023152272edc066010e661de98f73f913bc04983b325ff62134b41081dce65528af69b5206f9522b3e09f78dea218621e60f5ca9c58212526d96aace431133528b8a5354b213ef4883ef271e488bf629284c277843202bf7a41dbe2616e8338ab14f83bd6da1d1c4a4b50b6372564187a497036f2040f77c099bd0d98d3e4eebd4bf433360c518fc965e966642a22a335f3a9688336bd254dc9fe32632d4c1599c6b72fca290d9cae38548f4ad5d2a165053b7d392276d81ff26e97ebcfa210eddc832240de22bbfc6623929aa2d8bad6c41db54e2125063f9153e98b2316ae5e9d51a3a9efe5a81242f7045dbafa8db63cafad19e32b767dcd5adfd5e5459dce45c71f61a18a3e6a7de43bd61d6015fac48dcecb60795e02b30dc04cc4a408abc2dee10a97fb387a229ba5c07cebc63037c0102c846393b2bf865db38e51ce44b5cede8d530cb6496e5a34b9b0b060b8bd6f98cd53169518a1732d92af494c351f8ce753754f7d944865de345d8520a9232a1c5e516e61f23c39e09bac5d7c70a478e0b7a3208f61f090f69b9ab33da7a8ae16626c3d26f11065fd46851eff2c5968f937e90abe02555cad9e54b4bcaf3ee55aba96406cd457e27c1ad5b9cc640afff1d94d7d5f854fd50a66bf37355c548f840129ae0d81dc23202e4d7921236172d1c4920c1bf5e7bfad21740acd8f5fa278b6de2336276e271045d0ef0a9a566ae988269cb16f7eee941941d3a9f05d754cbb92a27ad9cb374872c3566a9db35920d63f0cfa69ef8dfc41f307f7c1f1ae712e3f6001e57e1de99777212ede107b692182c507b168c77a3824f0cd663f6d2ffe73e3d90587b3444e9a3cb093ddefd2869db927938ecf6cbd16a85d0849b7c829a37b70b24868e7ab1aa2adc012d85a8bf374225281b50882a40e6bed667f0538d8c85768cc9d8537bedfebe64cddf937a150c565e3824a75f5e7a173fed0ed3b3aa8750fde47ce1c219d5fc1977abc24c7a28aa8251e29a17eee3405d4c1f1f5e8b53df9425d6dde4b9de4715097c58062a977637b42974a40f0bf24dcca060871b759e5f42a12da7d89a494468f6c91c47ac17e7bfd61e62872541fd5d3941c0f0ebca3de06ca63cb52b186737fc61ade4eaed0fd5dd1eb4b8e2d2ebb689741fb354c8bbdc9092f68a156952395585113d78254ec826ba49204d76b8dcd854c4cf942c50c38ad5f8db2bf032d5eced178b25e56f9b39961aea03785119cab42fffbbbeaa15f0c21511f441fd72ab25014dbe5a35dfe295486e0d2e5803304deff8736e1d8df7886e4725321bc450c68459f01b5b3014735e81f989945e59b4c5e367976e90124e9cf422cc0f0d624627ab83ccd65ac7c1b91424672ebb3d91d932994c6e215a9d60efb6ed87eb579951668273e9a38f9089179459d2f670a21bd999a97c968891c59402d188dc601ef033fb9af3291b8778f2a38d379913a02d2215f2960f80847afe4d65f1fc7bcd1995e83fc88d87d799af0bf16060780efc8dbd08b041d8c2f646ca18ea18d3d295e172b344b6aea8d2a2620b6379c5c368459fee07bfcc83c83acaf3dc67755bbe8fe58b1a39051ef2327b30c886a0a5183e38c199e32365cb8194deade3262ea5ffa559b789da10f2948e135ce5858e1b016c153b14795a085b5bef350f95487a3f748afa943179d87a1e8828edc33804c2ea49979074fe162a8a36689286c390585d9f83645be3b921c4a6678b8ffd7edfb7a85265d5796ce4f12595b364fcc81b58c267beaa85dd47ad8c55783fe526d6dd0e3cc1f70a7e88d6f826b18aeab8282ff8e2a13ee8f03fab41be97af13c87883f87e6f0bdda04deebc05e35b601a55cc984478a997725d3faab2101cd9596c757c659e6b6c9178f620fbdcb87e399404f4bcd9b57dd1013818e58a785bed0a7fd1f5e5e355816ceba6745a42e10a145c87aedede2e0bed7bc75015a8354ba95a226c87df41d41e4ae368c4e84e8a032c48977601d71eae547f95375746e1f9c86135481bd09a08fee04db26b96cc9327bbde61cec27a56d114cc0e6459170e6cc44d846a2a55046b505e14dbdac32aa759e5d0268fe819a3dc503247b6c24c1607b4742671f5ad63c21812b1904b3c39ec8734fb1ee77a124a29c50154f53c89754f5e4719cc0279c851a63fc33e16f2393e5134568b78126b5680664fcd1fbf9d88f4efdadc120bbb4f21ddd7bf4c445a534631c5f2c4b51d7842743493b4a13bb99f160987284bc7960aaa6d40dbe05e20f42ff48425d1c8166b7fd457d33d808b456b7b11d3d3c1f445a9698ee8a473fb116c5c4824fa224088fa6f031f07f2972e62592d59536dc4cbe3c1cb33e922b0f35f79f1df10ab43e1d3e5dc480bdd8a7039f71ee9c73f976809ec2853ad0c18e4f0ee73fd1361591375d3db6c822e7baae597fc454aae7b426922e9fd9a87fe52a25d5cd03434d7ffb9f319fbeb403c0836f2117cf851bf7660ecb567a6cd918e85190683c1c0a79da1cd92b8527400008f047a436a4859be0e7b9469c6830a81d81f93ea8ba1b614de4386296089c9b34f4b8116ae7afedd43f6a82abf4302e4d8a9fba0b87347df1f5bb676f496bf29bf9ea9e3ea4bd1dd3f3d4feb7609f96424f35035b5a13fd6efd0441dea1c1f17feae7d5a1ef77aa05537fc87cc2021c92d5cbbbd159258a45972e112e123e306ef0daa36e1ff069be815c5d0b74b6b41c6d5b76c04057de0a43c2e40b04fc11b60f0f1e7ff0b88fb600d79e03cc8b73fed0af95601acca"}) 4m10.635149906s ago: executing program 0 (id=343): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000100b060a5000000000000109022400010000500009040002010300000009210000000122f80409058103"], 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 3m56.691545474s ago: executing program 0 (id=340): prctl$PR_SET_SECUREBITS(0x1c, 0x2c) setuid(0xee00) r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000000c0)={{}, {0x1, 0x1}, [], {0x4, 0x1}, [{0x8, 0x7, r2}, {0x8, 0x4}], {0x10, 0x2}}, 0x34, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) 3m56.533903899s ago: executing program 0 (id=342): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x21adc51, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 3m51.958542696s ago: executing program 0 (id=345): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001880)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x0, 0xfffffffd}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$inet(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000100)="5769d2", 0x3}, {&(0x7f0000000740)="7160bdd51dc80f7e719bd3a6bbedb7f0adca1a53e6c4a64fcce522919dd5eadc03a1d43ca22c1c4acc959a0dd18a8273f7a9c516c333a08d59b596ff04fe33523c79930a71cb312b1bbe14271e51354a74809592fd3f7445f5fb7e24021407bcf8cd057f306dc9048b7fb873c5cbbfd9a3d5a24ffdc71e8fb53c60d35e5ee886ce89f6a146a63e62af1d4efb6e7361c312776019945f569c4d006c62555985c88a621c65cce833e8ca88e063527bed0125eda08e84cc87f5a573ee1e6214b853fbb2fc69acf1ae671c7878fa3bbb835873c3667c2459ee057214cdc864a68b1feb1cb0333548fd95be33b91688bf0ea3b275e887878b40e2af1ef1a5d44bc6f808e50dd3fd6fea6b7ac27164f182320708e0a681c4829109386e042bd86a540b4a1b03de9665ddeb833f859002f3583004f6177915be0f26ce8fa7be3ced65274b76f06b8854459de850e62a4fdebf639c3d4c045ccb13de3aca8ccd463f8e5961191d23e7a133bece4891f40e56e44063fca55f742b45728cc05c7b5d4835625ffd460d0ff3842ace1e017d3f4b87731c2ae2b0337037b3f3e454468e7d7bfb014a071af0740e23426f29774028fde2d1f2f2e418bb90ed9d7a09ae1765f2f47407abaaee348623b4f8f7d8eceaec45dfc2f17bc207897a99a2c60bcaa1352825e8d7207e438ec6a4ba4eaa0a4bf3a313a5b9e3d695f2a2241dab1bce76d3af3c07ba61b0690b9628c7b807f18340d3eb71fd5fb9f60b0f6e166312a65531de470c7ab26a82fa4fee71599ad641403e75ee64e1950b4df55c5089ee12f8b431d7ca410fa5859888626354b8743d6154591b899b2aca25e4c11435d456327131c45a1369cd6b49857a0e7148bbfd2f3c247b6c03e88df000a4f1d92ec9f833e7e23839488b9076110726cd2d05dfbc2c0b24140a41b081dde0641e057b729ec4edaf35547b659c5372080c7297c4c7ef7b97dd055964b9031fc1942b8c47e4f5b0d7722252e2bf1c6c55eecf7ad63e96ca1757a8720dc43c6015cb5636d471bbced663382200693897e79e347e2c65489f85026c7fd4e0dcc6101da30490147e052f0b86cb0a7ebc2a0580fd97bc77f89cdd963f2d385eb00917e51b1ca9d63c85e8daaa51685d2888e6119fcd2aaea4a1ad899f0b59886d63bb3abe4162612b5a26229a2a93a10b28156711ad219c67a6bf52c99be56747a6530928033b366a3a66ef870a15369fa732792656883a79116adcd7eb5e7481f37e3949b30f087a57275a0369c578743f2a82dc22212938def9b14f069bb744a1afe5091a6b0707a2fc909c5f874d692ec78f6ee33ad53a0239b4911f8f43d71effd552b2261e280898bac4a68d23884bb0b5a381708848f15536e64e97544bdcc8d14b17af389e941024669bf638925b61920aa2be478de6b18797a85ab35d1dec2e2db2fa276793a79ff2e18ef8224cef885dcc0173e671f81423415cf71b3733b398638ab0ec0047878574b35c13a901efd20509efb5fe76649cb1dbe2f7cb4ff1db410352d38c79ce08e29a1f2c28b166450a340575d11409f9301c36c629d431368881d0d86e61200332a67c900f5f5afaab440e21db38c6a97e1625a4b60a441f7c876681868b1d465ae6ad62f34d19108bf44d7e68bb09f00fb6bbd5c4c81894d4d7520002200856d49e2319a8f56759467cc061232c98bb67856b0f7e639be5a0546b9a9515a281fc6915bee58f479050e26243a4759ca252978ec77925df7f9bb5586a802b9dc277c4a95c71a9f6d72bd4db44c2a81b65171cd418f779660d7d4083343d1b0503fc45ad2566295ec6f279e9a2fe70acf9579b9117e4e01a14a5b1f623bde31b67060079647125022e6ea1217a0357eff99238f0bc29745726a677c4be8c62ae869d1b1379df69847007a64cf2598fe64eddc376e53d45556ad51fb30ba5dc9ad503aed960cbaad1c9f2007a6db505a14d3b915786a8f57a76a48181940ab6e21711db3fad8bc7aa12492a2b082e0f2b28a0e254111e2d0b5a72ec1fa7a48b553383b0c2e4ea2cdac6b5703ef9bf55e9a43c3ce6ca6cb11e6b957ce6fac712b4a2d09d241241f78af26ddace7c0471ed8de071eb083c1fd8fb9f585cba6afe790568cb0bcdf1fb0101a0c5ed3664327aa45d2e084a0b56b3114232db7e4053447aec658602df86e84a48537a866df1ad2592401dcb253c7b11ed10a2f23bb93553877a23ddc899839c852ef9e879f4ca69ff5b4c552d42711adda63fb58b27be8befcacb4b1dbb7ff9e5ed04ab6f13fa57e0507830650d96366a2e0ddf99f881c7dcd5e5c3d5c5a2226b48052404b9ffdc31fbc910947f423553a3ec7ab43d8a160198a5008897c7807f93377f0b6e5394f2f4d30afc7da2eb169cfeb881fd180ec3bf0f7cc38472168f7862f1bbae848550b977ebb81c6262488649ad5be0581c4bb9ccf629c7acc9afa39ec2328ebb32b9f542db1d8517077ad45c540822b848748ed4df56552f63efecd7c57574ef88bc24a0d0960a8fd6d8f3c5f0576d884f438147b04073b0fa8d0293feabd80eabff577404667a6b889fb3ed109c1073aa8fa7fe035a6dcccbf34f534768d85c88ea15419d03a7181f51dd99791317b6422da8b7bdff23199ceeb9eb025da68cd5a8c3e3c2c584c9fd39692141c67416f79d8d76df5ac4d488af54d10b5046f2d8626eedcaa3f0da48d3626cc3071f2006dcab603a3697adb0d7751defd2a4361d4ef254ce75dfbe6df74452c3e2b9f5f0af066eb27480edaa91628e5747684bf5d13aa54cc119ef4835428407cd56838834291a43958ae65562c2f3ffb2fc2e94aea24074eca33d514b3037a87815a6cd0ef8a2cda2c7976131a6dc8b64334b582bc8a0f30c61afa1500f947c50cba773397e088bfc70d1454717ed85454011c58b2a4bb4625ede457774fc5b115f7bde49246ab5fcf16dd9636d30f2818a9e531b7ab03b2232686c244f0abe46e1dec453f5e3339804a9b9e43e14fdab8ebc147136f3c314b3345ccfca382c56a221793a2ec6c249adce1151b4f08f33749aa938bb599b1bd5d6c19952460dc586997952864bb564278d5f77cc4be5b8d289206128018d7da7b28b57172aa917912f26e8193e7289f5d9a45bfbefc1d6dc11d6402837", 0x8b7}], 0x2}, 0x4004) recvmsg$unix(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0x8ec0}], 0x1}, 0x12) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f00000002c0)={0x0, 0x1, 0x0, 0xe}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x3) 3m50.48030695s ago: executing program 0 (id=346): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @dev}], 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @remote}], 0x10) sendmmsg$inet6(r1, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000008900)=[{&(0x7f0000008500)="88", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000008900)=[{&(0x7f0000008500)="88", 0xff12}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f000000cf00), 0x1, 0x20008080) 3m44.868439798s ago: executing program 32 (id=346): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @dev}], 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @remote}], 0x10) sendmmsg$inet6(r1, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000008900)=[{&(0x7f0000008500)="88", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000008900)=[{&(0x7f0000008500)="88", 0xff12}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f000000cf00), 0x1, 0x20008080) 38.446987419s ago: executing program 1 (id=380): r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x70007aa) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x4d) mknodat$null(r1, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x103) r2 = open_tree(r1, &(0x7f0000000640)='\x00', 0x81000) renameat2(r2, &(0x7f00000000c0)='./file0\x00', r2, &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 33.614114394s ago: executing program 1 (id=383): r0 = syz_io_uring_setup(0x304, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xdf}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x8, 0x0, @fd, 0x0, 0x0, 0x6, 0x7}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2001, 0x2}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 29.334172362s ago: executing program 1 (id=385): r0 = gettid() futex(&(0x7f000000cffc)=0x1, 0x80000000000d, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee3, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 25.853520966s ago: executing program 2 (id=386): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000280), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='io_uring_register\x00', r1}, 0x10) r2 = io_uring_setup(0x4017, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x2, 0x400031}) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0xd, 0x0, 0x20) 22.334709662s ago: executing program 2 (id=387): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x2, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r3, {0xffff, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0xe}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) 18.009582591s ago: executing program 1 (id=388): r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 16.528662876s ago: executing program 2 (id=389): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r1, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296]}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) close_range(r0, 0xffffffffffffffff, 0x0) 13.125010057s ago: executing program 1 (id=390): socket$inet6_sctp(0xa, 0x0, 0x84) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x3}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) r2 = dup(r1) sendmsg$inet(r2, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0xffeb}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0xf}, 0x0) 12.734747999s ago: executing program 2 (id=391): r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @local}, 0x1c) sendto$inet6(r1, &(0x7f0000000000)="17", 0x1, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 9.009146771s ago: executing program 2 (id=392): ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000001040)={{0x1, 0x2, 0xc6af, 0x8, 0x1, 0xfff}, 0x6f, [0xa017, 0x1, 0x0, 0xfffffff5, 0x54, 0x9, 0x2, 0x202000, 0x7, 0x8, 0x1, 0xba, 0xf983, 0x4, 0x8, 0x8, 0xfffffffc, 0x7f, 0x7a, 0x9, 0xf, 0x4f, 0xfffff800, 0x2, 0x10000, 0x43, 0x800, 0x2, 0x9536, 0x7, 0x3, 0x1, 0x7, 0x730b0a0c, 0x1, 0x6, 0x2, 0x6, 0x1, 0x7ff, 0x0, 0x81, 0x7, 0x2, 0x4562, 0x14f, 0x0, 0x4, 0x7, 0x5, 0x3, 0xfff, 0x9e2, 0x0, 0x4, 0xfffffffa, 0x94, 0x4, 0x47d, 0x6, 0x6, 0x4, 0x4, 0x8, 0x9, 0x7f, 0x3, 0x8, 0x0, 0x42, 0x2, 0x0, 0x1, 0x4, 0x3, 0x1, 0x9, 0xd1e, 0x7ec9, 0x8000, 0xfffffffd, 0x5, 0x5, 0x9767, 0x699, 0x1d51, 0x40, 0x101, 0x0, 0x2, 0xfffffffd, 0x7, 0xffff, 0xd86, 0xffffff55, 0x7f, 0x5d192781, 0x4, 0x475a, 0x101, 0x2, 0x6, 0x3ff, 0xffff, 0x22, 0x3, 0x80000001, 0x6, 0x0, 0xfff, 0x7dd2d259, 0x7, 0xa481, 0xfffffff7, 0x3, 0xf17, 0xe0e6, 0x8, 0x800, 0x3ff, 0x0, 0x0, 0x4, 0xaf1b, 0x4, 0xfffffff9, 0xe70000, 0x9cf, 0xfff, 0x3, 0x0, 0x2, 0xffff, 0x101, 0xc9a3, 0xfffffbd3, 0x8, 0x7fffffff, 0xa2, 0x1f6, 0xfffffffe, 0xc, 0x5, 0x8000, 0x9, 0x0, 0x9, 0x8, 0x122e, 0x2, 0x7da9, 0x6, 0x5, 0x8, 0xf54e, 0x18000000, 0xd58, 0x8000, 0x4, 0xd1, 0x95, 0x10000, 0x7, 0x401, 0x2, 0x4, 0x10001, 0xff, 0x0, 0x6, 0x7f, 0x64eb, 0x800, 0x4962, 0x0, 0x5, 0xc, 0xfff, 0x9b48, 0x10001, 0xfffff36f, 0xd, 0x8000, 0x80000001, 0x5350ef2e, 0x6, 0xfffffffe, 0x4, 0x3, 0xab66, 0xffffff00, 0x5, 0x5, 0x0, 0x6, 0x80000000, 0x8, 0x9, 0x2, 0x6, 0x5, 0x8, 0x8001, 0x5, 0xff, 0x0, 0x106, 0xbb, 0x5, 0xffff13fd, 0x5, 0x5, 0xffffd4a6, 0x6, 0x7f, 0x1, 0x3, 0x8, 0x7, 0x3, 0x0, 0xa, 0x101, 0x9, 0x8001, 0x1, 0x1, 0x0, 0x5, 0x6e607e32, 0x7, 0x6, 0x519, 0x3, 0x3, 0xd5c, 0x6, 0x1, 0xee, 0x7dfc, 0x1, 0x7f, 0x101, 0x8, 0x1ff, 0x1, 0x6, 0x8, 0x9, 0xe44, 0x7f, 0x9, 0xfff, 0x7, 0xffff8000, 0x6, 0x23, 0x3, 0x6, 0x80000000, 0x400, 0x1, 0x0, 0x21, 0x1, 0x94, 0x2, 0x7, 0x7, 0x800, 0x9, 0xa25e, 0x4, 0x6, 0x7, 0x7f, 0x8e25, 0x8000, 0x1329, 0x800, 0xa84, 0xfff, 0x2, 0xfffffffe, 0x18000000, 0x3f, 0x7c, 0xda, 0x8000, 0x5, 0x3, 0x1ff, 0x2, 0x7fffffff, 0x8a2, 0x8, 0x9, 0xd4, 0x6, 0x5, 0x4, 0x7, 0x6, 0x7f, 0xec9, 0x5c, 0xd, 0x8, 0x3fe000, 0x6, 0x1ff, 0x5, 0x6, 0x4, 0x3ff, 0x5, 0xff, 0x4, 0x9055, 0x7, 0x8, 0x8, 0x6, 0x2, 0x8, 0xa2, 0x5, 0x9, 0x5, 0x6, 0x401, 0x9, 0xffffbd3c, 0x5, 0x1, 0x3, 0x962, 0x10, 0xd3f, 0x9, 0x4, 0x70e9, 0x400, 0xd, 0x40, 0x8, 0x800, 0xd, 0x3, 0xdbf9, 0x1, 0x2, 0x4, 0x2, 0x401, 0x1, 0x0, 0x7, 0x1, 0x3, 0x9, 0x0, 0x7fff, 0x5, 0x9, 0x8, 0x6, 0x14000000, 0x8, 0x6, 0x1, 0x4, 0x8, 0x2, 0xada0, 0x7, 0x7f, 0xf1fc, 0x10001, 0x800, 0x9, 0x6, 0x9, 0x0, 0x81, 0xfb, 0x7fffffff, 0x2, 0x6, 0xfffffffb, 0xfffffffd, 0xa, 0x7, 0xa4d, 0xffffffff, 0x3, 0x6, 0x10, 0x80000001, 0x4, 0x5, 0xba56, 0x1, 0x8, 0x48a, 0x8001, 0x9, 0x55, 0x1, 0xd6, 0x42a14e19, 0xff, 0x9, 0x4, 0xffffffff, 0x7fff, 0xb8, 0x9, 0x4, 0xfffffff7, 0xfff, 0x3fe000, 0x8, 0xe, 0x3ff, 0x8, 0xfffffffa, 0x800, 0x4, 0x2, 0x1, 0x7, 0x4, 0x2, 0x1, 0x9, 0x2, 0x0, 0x7, 0x7ff, 0x7f, 0x3, 0x80000001, 0x0, 0x7, 0x4, 0x6, 0x17, 0x8, 0xa, 0x7fff, 0x3ff, 0x7f, 0x6, 0x7, 0x3, 0x70000000, 0x6, 0x4, 0x2, 0x3, 0x3, 0x2, 0xffff4231, 0x2c96, 0x6, 0x10001, 0x4, 0x22ea, 0xff, 0x6, 0xd, 0x7, 0x5, 0x9, 0x8, 0x2, 0x0, 0x80, 0xb8c7, 0x0, 0x0, 0x7, 0xb, 0x10, 0x739, 0x89d7, 0xa, 0x5, 0x3c, 0x5, 0x4, 0x80000000, 0xf, 0x6, 0x8d, 0x5, 0x10000, 0x7, 0x3, 0x10001, 0x9, 0x6, 0x1, 0x979, 0xffffff7a, 0x4, 0x40, 0x40, 0x1, 0x5, 0x1, 0x406, 0x100, 0xd23, 0x59a, 0x401, 0x4, 0x4349, 0x3, 0x8, 0xbf32, 0x4, 0x1000, 0x5, 0x4, 0x6, 0x1bb6, 0x6, 0x0, 0x5, 0x3, 0x400000, 0x3, 0x7f, 0x676, 0x8, 0x7fffffff, 0x2f4, 0x8, 0x3, 0x3, 0x4, 0xe, 0x8, 0x0, 0x2, 0x10000, 0x3, 0x7, 0x0, 0x7, 0x459, 0x7f, 0xffffffff, 0x5, 0x4, 0xff, 0x1, 0x7, 0x10000, 0xe, 0x80000001, 0x8, 0x10, 0x0, 0x1c2, 0x7ff, 0x5, 0x1, 0x6, 0x5, 0x4, 0x0, 0x80000001, 0x5, 0x3, 0x8, 0x7ff, 0xc41, 0x4, 0x0, 0x6, 0x5, 0x7ff, 0x1, 0x6, 0x2, 0x401, 0x80, 0xfffffffb, 0x9, 0x3765, 0xe, 0x5, 0x40, 0x9f, 0x7f, 0x0, 0x38, 0x0, 0x7, 0x8, 0x81, 0x7, 0x42d07ee9, 0x10, 0x9, 0x7e83, 0x3, 0x5, 0x7, 0x8001, 0xbf1, 0x42a9, 0x3, 0x2, 0xc14, 0x3, 0x7f, 0x2a, 0x90bc, 0x5, 0x9e, 0x6, 0x9, 0x80000001, 0x3, 0x2, 0xfffffffc, 0x9, 0x3, 0x8001, 0x403, 0x6, 0x9, 0x4, 0x2, 0x1, 0x1, 0xffffff00, 0x2be47cce, 0x0, 0x80, 0x5, 0x6, 0x8, 0x8, 0x8, 0xa, 0xe89, 0x7, 0xd3, 0x2, 0x61, 0x78, 0x6, 0x1, 0xb, 0x9, 0xfff, 0x4, 0x6, 0x8, 0x6, 0x0, 0x2dd1, 0x80000001, 0xfff, 0x0, 0xa, 0xe5f1, 0xe1, 0x6, 0x7, 0x1000, 0x8, 0xa6, 0x7ff, 0xfffffff6, 0x8, 0xfffff801, 0x2, 0x67b, 0x9, 0x1, 0xffff96c7, 0x1, 0xbd4, 0xffff, 0x10000000, 0x7fff, 0xf, 0x5, 0x80000000, 0x8, 0x22e, 0x0, 0x8001, 0x6, 0x2, 0x1, 0xa0, 0x85cf, 0x0, 0xb12ab2ad, 0x0, 0x7, 0x8, 0x575d699f, 0xb, 0x8, 0xf, 0x1, 0x6, 0x10000, 0x6b, 0x5, 0x2816, 0x1ff, 0x6, 0xa4, 0xfffffffc, 0x7, 0x3, 0x297e, 0x9, 0x6fe8, 0xa70000, 0x400, 0x80000001, 0xd8d9, 0xff, 0x73, 0x7, 0x2, 0xfffffff8, 0x1, 0xa, 0x3, 0x6, 0x5, 0x1, 0x80000001, 0x7fffffff, 0x4, 0xf6b, 0xe4b, 0x7fffffff, 0x8, 0x1, 0x7, 0x63, 0x7ff, 0x7, 0x7, 0x9b, 0x7fff, 0xfffff6cc, 0x4, 0xff, 0x100, 0x1, 0x80, 0x6db, 0x6cc, 0xf3, 0x0, 0x8, 0xffffffff, 0x8, 0x6, 0x1, 0x4, 0x2, 0x7, 0x5, 0x7, 0x200, 0x7, 0x8, 0x40, 0x0, 0x0, 0xfffffffa, 0x0, 0x3ff, 0x7, 0x3ff, 0xc, 0x8, 0x6, 0x1, 0x1, 0x50000000, 0xa4d, 0x1, 0x6, 0x9, 0x0, 0x0, 0x1, 0xf, 0x3ff, 0x6, 0x7, 0x5, 0xdc, 0x0, 0x8, 0xfffffba7, 0x81, 0xeec, 0x100, 0x5, 0xee2, 0x3, 0x9, 0x6980, 0x1, 0xd, 0x240000, 0x7, 0x6, 0xfff, 0x1ff, 0xff, 0x8, 0x68, 0x6, 0xd, 0x1, 0x8, 0xfffffffc, 0x6, 0x7ff, 0x3, 0xffff, 0x3, 0xfffffff4, 0x0, 0xf44, 0x81f2, 0x1, 0x0, 0xa88b, 0x6577747, 0x2, 0x4, 0x2, 0x4, 0x101, 0x800, 0x5, 0xb8, 0xa5d, 0x7, 0x1ff, 0x5, 0x9, 0x0, 0x0, 0x6, 0x7, 0x96, 0x6, 0x80000001, 0x10000, 0x9, 0x788b, 0xa, 0x7df4, 0x9, 0xf224, 0x276, 0x4b, 0xfffffffc, 0x9, 0xd7, 0x5, 0xfff, 0x19, 0x0, 0xf45, 0x0, 0x401, 0x9, 0x5, 0x81, 0xf2b0, 0x4, 0xf, 0xde9, 0xffffffff, 0xae32, 0x4572, 0x9, 0x7, 0x7f, 0x3, 0xffffffff, 0x7, 0xe, 0x80000000, 0x0, 0x0, 0x8, 0x7fff, 0x6, 0x7d6, 0x0, 0x7, 0x6, 0xa7, 0x401, 0x0, 0x4, 0xf35b, 0xb7f6, 0x0, 0x8000, 0x5, 0x7f, 0x2, 0xfff, 0x7, 0xf7e4, 0x9, 0x5, 0x1ff, 0xfffeffff, 0x7, 0x1, 0x7f, 0x8, 0x79ad, 0x80000000, 0x6, 0x4, 0x7fff, 0x8, 0x800, 0x7, 0x0, 0x7f, 0x10, 0xf539, 0xe932, 0x0, 0x9, 0x0, 0x3, 0x1, 0x5, 0x9, 0x9a7, 0x200, 0x9, 0x8, 0x88f, 0x7f, 0x8, 0x101, 0x7d9, 0x8, 0x1ff, 0x7, 0x3343, 0x665ea932, 0xa7dd, 0x8001, 0x3, 0x0, 0x10d, 0x2dc, 0x300000, 0x3, 0x10001, 0x7, 0x6, 0x3, 0x7, 0x3, 0x4, 0x9, 0x7fff, 0x1000, 0x7, 0x4, 0xa, 0x9, 0x4, 0x9, 0x0, 0x1, 0x7, 0x9, 0x9cf, 0x0, 0x7f, 0x7, 0xd3fe, 0xd, 0x5, 0x9, 0x7, 0x400, 0x10000, 0x1, 0x0, 0x98, 0x0, 0x0, 0xee41, 0x2, 0x4, 0x5, 0x7, 0x0, 0x7, 0x5d8, 0x7, 0x5, 0xe49e]}) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r0, &(0x7f0000000000)="fa", 0xfffffdef) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r1 = io_uring_setup(0x6f84, &(0x7f0000000100)={0x0, 0xd907, 0x2, 0x0, 0x131}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 1.294764491s ago: executing program 1 (id=393): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x4000000004a101, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffb, 0x1}) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) 0s ago: executing program 2 (id=394): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0x1000001000104) ioctl$NBD_DO_IT(r0, 0xab03) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:11685' (ED25519) to the list of known hosts. syzkaller login: [ 426.739130][ T3155] cgroup: Unknown subsys name 'net' [ 427.359705][ T3155] cgroup: Unknown subsys name 'cpuset' [ 427.510803][ T3155] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 484.809605][ T3155] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 552.768734][ T3162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 552.827307][ T3162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 556.208138][ T3164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 556.580238][ T3164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 564.191987][ T3162] hsr_slave_0: entered promiscuous mode [ 564.282896][ T3162] hsr_slave_1: entered promiscuous mode [ 566.542840][ T3164] hsr_slave_0: entered promiscuous mode [ 566.602000][ T3164] hsr_slave_1: entered promiscuous mode [ 566.632393][ T3164] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 566.638771][ T3164] Cannot create hsr debugfs directory [ 571.371369][ T3162] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 571.703378][ T3162] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 571.911196][ T3162] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 572.193430][ T3162] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 574.597514][ T3164] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 574.777333][ T3164] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 574.908331][ T3164] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 575.258390][ T3164] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 583.325275][ T3162] 8021q: adding VLAN 0 to HW filter on device bond0 [ 586.952562][ T3164] 8021q: adding VLAN 0 to HW filter on device bond0 [ 628.959964][ T3162] veth0_vlan: entered promiscuous mode [ 629.126445][ T3162] veth1_vlan: entered promiscuous mode [ 630.259692][ T3164] veth0_vlan: entered promiscuous mode [ 631.289876][ T3164] veth1_vlan: entered promiscuous mode [ 631.520917][ T3162] veth0_macvtap: entered promiscuous mode [ 632.014678][ T3162] veth1_macvtap: entered promiscuous mode [ 634.432719][ T3164] veth0_macvtap: entered promiscuous mode [ 634.768478][ T3162] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.772038][ T3162] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.778687][ T3162] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.780794][ T3162] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.117073][ T3164] veth1_macvtap: entered promiscuous mode [ 637.103269][ T3164] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.119137][ T3164] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.120813][ T3164] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.122012][ T3164] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.122088][ T3162] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 640.037315][ T3852] netlink: 'syz.1.2': attribute type 64 has an invalid length. [ 661.337749][ T3879] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 696.729194][ T3925] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 700.842062][ T3930] syz.0.27 uses obsolete (PF_INET,SOCK_PACKET) [ 757.421367][ T4013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.51'. [ 757.444636][ T4013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.51'. [ 766.126540][ T4026] capability: warning: `syz.1.55' uses 32-bit capabilities (legacy support in use) [ 770.212375][ T4031] input: syz0 as /devices/virtual/input/input0 [ 779.614806][ T4045] netlink: 8 bytes leftover after parsing attributes in process `syz.1.61'. [ 779.798373][ T4045] netlink: 28 bytes leftover after parsing attributes in process `syz.1.61'. [ 782.032464][ T4051] ALSA: mixer_oss: invalid index 23058 [ 798.148707][ T4072] gtp0: entered promiscuous mode [ 799.211781][ T4076] netlink: 28 bytes leftover after parsing attributes in process `syz.0.71'. [ 812.897932][ T4095] block nbd0: Device being setup by another task [ 814.515339][ T58] block nbd0: Receive control failed (result -32) [ 814.691472][ T4091] block nbd0: shutting down sockets [ 863.363227][ T3791] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 863.891045][ T3791] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 863.893160][ T3791] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 863.906055][ T3791] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 863.908269][ T3791] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 863.941880][ T3791] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 863.949241][ T3791] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 863.951088][ T3791] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 863.952730][ T3791] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 863.995616][ T3791] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 863.998280][ T3791] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 864.000488][ T3791] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 864.002744][ T3791] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 864.180491][ T3791] usb 1-1: string descriptor 0 read error: -22 [ 864.186882][ T3791] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 864.188238][ T3791] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 864.345951][ T3791] adutux 1-1:168.0: interrupt endpoints not found [ 866.783254][ T3791] usb 1-1: USB disconnect, device number 2 [ 887.071896][ T4197] input: syz0 as /devices/virtual/input/input1 [ 896.990594][ T4209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.113'. [ 909.870248][ T4232] trusted_key: syz.1.120 sent an empty control message without MSG_MORE. [ 925.377376][ T3789] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 926.026786][ T3789] usb 1-1: device descriptor read/64, error -71 [ 926.349342][ T3789] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 926.647670][ T3789] usb 1-1: device descriptor read/64, error -71 [ 926.773141][ T3789] usb usb1-port1: attempt power cycle [ 927.238932][ T3789] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 927.317286][ T3789] usb 1-1: device descriptor read/8, error -71 [ 927.770862][ T3789] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 927.829830][ T3789] usb 1-1: device descriptor read/8, error -71 [ 928.001068][ T3789] usb usb1-port1: unable to enumerate USB device [ 931.191231][ T4264] block nbd1: NBD_DISCONNECT [ 931.199430][ T4264] block nbd1: Disconnected due to user request. [ 931.203098][ T4264] block nbd1: shutting down sockets [ 1041.795171][ T34] audit: type=1326 audit(1040.280:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4393 comm="syz.0.173" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x0 [ 1048.037863][ T4402] netlink: 8 bytes leftover after parsing attributes in process `syz.1.176'. [ 1048.040037][ T4402] netlink: 32 bytes leftover after parsing attributes in process `syz.1.176'. [ 1048.169345][ T4402] gtp1: entered promiscuous mode [ 1048.170901][ T4402] gtp1: entered allmulticast mode [ 1053.615730][ T4410] netlink: 332 bytes leftover after parsing attributes in process `syz.0.179'. [ 1091.789612][ T4468] Zero length message leads to an empty skb [ 1107.590198][ T4482] netlink: 'syz.1.206': attribute type 10 has an invalid length. [ 1107.662470][ T4482] syz_tun: entered promiscuous mode [ 1110.848313][ T4486] netlink: 148 bytes leftover after parsing attributes in process `syz.0.207'. [ 1160.233119][ T4534] mmap: syz.1.221 (4534) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1167.683052][ T4540] capability: warning: `syz.0.222' uses deprecated v2 capabilities in a way that may be insecure [ 1174.236712][ T4544] input: syz0 as /devices/virtual/input/input2 [ 1225.780299][ T4600] input: syz0 as /devices/virtual/input/input3 [ 1230.776033][ C0] vkms_vblank_simulate: vblank timer overrun [ 1235.709407][ C0] vkms_vblank_simulate: vblank timer overrun [ 1235.755067][ C0] vkms_vblank_simulate: vblank timer overrun [ 1281.013632][ T20] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1282.147144][ T20] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1283.779862][ T20] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1284.632841][ T20] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1303.182591][ T20] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1303.567361][ T20] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1303.802333][ T20] bond0 (unregistering): Released all slaves [ 1305.902355][ T20] hsr_slave_0: left promiscuous mode [ 1306.118906][ T20] hsr_slave_1: left promiscuous mode [ 1306.738763][ T20] veth1_macvtap: left promiscuous mode [ 1306.781981][ T20] veth0_macvtap: left promiscuous mode [ 1306.823260][ T20] veth1_vlan: left promiscuous mode [ 1306.850349][ T20] veth0_vlan: left promiscuous mode [ 1354.709968][ T4767] input: syz1 as /devices/virtual/input/input4 [ 1376.381547][ T4675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1376.552592][ T4675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1400.983387][ T4675] hsr_slave_0: entered promiscuous mode [ 1401.035851][ T4675] hsr_slave_1: entered promiscuous mode [ 1401.087890][ T4675] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1401.090586][ T4675] Cannot create hsr debugfs directory [ 1418.247667][ T4675] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1418.533200][ T4675] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1418.802006][ T4675] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1419.080308][ T4675] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1438.141023][ T4675] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1518.013561][ T4675] veth0_vlan: entered promiscuous mode [ 1519.072791][ T4675] veth1_vlan: entered promiscuous mode [ 1522.313366][ T4675] veth0_macvtap: entered promiscuous mode [ 1523.042889][ T4675] veth1_macvtap: entered promiscuous mode [ 1525.007546][ T4675] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1525.011785][ T4675] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1525.032129][ T4675] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1525.076148][ T4675] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1547.496185][ T5187] input: syz0 as /devices/virtual/input/input5 [ 1557.585182][ T34] audit: type=1326 audit(1812.116:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.402878][ T34] audit: type=1326 audit(1812.876:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=56 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.460628][ T34] audit: type=1326 audit(1812.976:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.477067][ T34] audit: type=1326 audit(1812.976:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.480825][ T34] audit: type=1326 audit(1812.976:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.527531][ T34] audit: type=1326 audit(1812.996:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.541325][ T34] audit: type=1326 audit(1813.036:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.682428][ T34] audit: type=1326 audit(1813.036:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.711969][ T34] audit: type=1326 audit(1813.246:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1558.736872][ T34] audit: type=1326 audit(1813.246:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.0.287" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb636 code=0x7fc00000 [ 1609.587260][ T5169] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1609.887143][ T5169] usb 2-1: Using ep0 maxpacket: 32 [ 1610.635394][ T5169] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1610.651641][ T5169] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1610.655774][ T5169] usb 2-1: can't read configurations, error -71 [ 1677.379304][ T5330] netlink: 40 bytes leftover after parsing attributes in process `syz.0.332'. [ 1677.381964][ T5330] netlink: 40 bytes leftover after parsing attributes in process `syz.0.332'. [ 1677.392326][ T5330] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 1699.668171][ T3157] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1700.118228][ T3157] usb 1-1: Using ep0 maxpacket: 16 [ 1700.198090][ T3157] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1700.200772][ T3157] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1700.207755][ T3157] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1700.210017][ T3157] usb 1-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 1700.212006][ T3157] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1700.370042][ T3157] usb 1-1: config 0 descriptor?? [ 1703.396537][ T3157] hid (null): report_id 0 is invalid [ 1703.398726][ T3157] hid (null): report_id 0 is invalid [ 1703.400414][ T3157] hid (null): report_id 2281701376 is invalid [ 1703.403294][ T3157] hid (null): invalid report_count -1744830464 [ 1703.426436][ T3157] hid (null): bogus close delimiter [ 1703.428557][ T3157] hid (null): bogus close delimiter [ 1703.431851][ T3157] hid (null): unknown global tag 0xc [ 1703.433661][ T3157] hid (null): unknown global tag 0xc [ 1703.466725][ T3157] hid (null): unknown global tag 0xc [ 1703.470342][ T3157] hid (null): unknown global tag 0xe [ 1703.472159][ T3157] hid (null): unknown global tag 0xe [ 1703.496190][ T3157] hid (null): unknown global tag 0xe [ 1703.848391][ T3157] cougar 0003:060B:500A.0001: unexpected long global item [ 1703.869405][ T3157] cougar 0003:060B:500A.0001: parse failed [ 1703.876482][ T3157] cougar 0003:060B:500A.0001: probe with driver cougar failed with error -22 [ 1704.107065][ T3157] usb 1-1: USB disconnect, device number 7 [ 1714.597462][ T5375] ======================================================= [ 1714.597462][ T5375] WARNING: The mand mount option has been deprecated and [ 1714.597462][ T5375] and is ignored by this kernel. Remove the mand [ 1714.597462][ T5375] option from the mount to silence this warning. [ 1714.597462][ T5375] ======================================================= [ 1728.566276][ T3158] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1728.767060][ T3158] usb 2-1: Using ep0 maxpacket: 32 [ 1728.839523][ T3158] usb 2-1: no configurations [ 1728.842058][ T3158] usb 2-1: can't read configurations, error -22 [ 1729.049784][ T3158] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1729.317353][ T3158] usb 2-1: Using ep0 maxpacket: 32 [ 1729.371765][ T3158] usb 2-1: no configurations [ 1729.387464][ T3158] usb 2-1: can't read configurations, error -22 [ 1729.407227][ T3158] usb usb2-port1: attempt power cycle [ 1729.880153][ T3158] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1729.988613][ T3158] usb 2-1: Using ep0 maxpacket: 32 [ 1730.027401][ T3158] usb 2-1: no configurations [ 1730.045913][ T3158] usb 2-1: can't read configurations, error -22 [ 1730.299669][ T3158] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1730.440897][ T3158] usb 2-1: Using ep0 maxpacket: 32 [ 1730.491051][ T3158] usb 2-1: no configurations [ 1730.493127][ T3158] usb 2-1: can't read configurations, error -22 [ 1730.526680][ T3158] usb usb2-port1: unable to enumerate USB device [ 1761.466597][ T5384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1761.866429][ T5384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1777.348127][ T5384] hsr_slave_0: entered promiscuous mode [ 1777.430595][ T5384] hsr_slave_1: entered promiscuous mode [ 1777.448237][ T5384] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1777.449679][ T5384] Cannot create hsr debugfs directory [ 1798.133423][ T5384] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1798.351242][ T5384] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1798.610068][ T5384] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1798.897410][ T5384] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1812.067481][ T5384] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1858.867791][ T5384] veth0_vlan: entered promiscuous mode [ 1859.495051][ T5384] veth1_vlan: entered promiscuous mode [ 1861.265635][ T5384] veth0_macvtap: entered promiscuous mode [ 1861.923285][ T5384] veth1_macvtap: entered promiscuous mode [ 1864.382111][ T5384] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1864.403070][ T5384] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1864.423158][ T5384] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1864.443667][ T5384] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1869.926272][ T59] block nbd2: Receive control failed (result -107) [ 1870.289236][ T5788] nbd2: detected capacity change from 0 to 15960 [ 1870.710971][ T5788] block nbd2: Dead connection, failed to find a fallback [ 1870.718727][ T5788] block nbd2: shutting down sockets [ 1870.759237][ T5788] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1870.789412][ T5788] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1870.822526][ T5788] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1870.848218][ T5788] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1870.852858][ T5788] nbd2: unable to read partition table [ 1871.140406][ T5788] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1871.160506][ T5788] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1876.629967][ T4555] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1876.960831][ T4555] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1894.942666][ T5828] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1907.957592][ T5842] input: syz1 as /devices/virtual/input/input6 [ 1934.126578][ T5873] input: syz1 as /devices/virtual/input/input7 [ 1951.078428][ T5893] [ 1951.079322][ T5893] ====================================================== [ 1951.080202][ T5893] WARNING: possible circular locking dependency detected [ 1951.081494][ T5893] 6.13.0-rc3-syzkaller-g6f6ecce59d99 #0 Not tainted [ 1951.084719][ T5893] ------------------------------------------------------ [ 1951.085844][ T5893] syz.2.394/5893 is trying to acquire lock: [ 1951.086886][ T5893] ff60000019d94e90 (set->srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x0/0x292 [ 1951.089449][ T5893] [ 1951.089449][ T5893] but task is already holding lock: [ 1951.090452][ T5893] ff60000019cde228 (&q->q_usage_counter(io)#21){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x224/0x13d4 [ 1951.092648][ T5893] [ 1951.092648][ T5893] which lock already depends on the new lock. [ 1951.092648][ T5893] [ 1951.093569][ T5893] [ 1951.093569][ T5893] the existing dependency chain (in reverse order) is: [ 1951.094882][ T5893] [ 1951.094882][ T5893] -> #6 (&q->q_usage_counter(io)#21){++++}-{0:0}: [ 1951.096533][ T5893] lock_acquire.part.0+0x2c4/0x81a [ 1951.097550][ T5893] lock_acquire+0x74/0x98 [ 1951.098457][ T5893] blk_mq_submit_bio+0x20d2/0x26be [ 1951.099360][ T5893] __submit_bio+0x32e/0x492 [ 1951.100172][ T5893] submit_bio_noacct_nocheck+0x740/0xe36 [ 1951.101227][ T5893] submit_bio_noacct+0xa96/0x1e04 [ 1951.102210][ T5893] submit_bio+0xc8/0x4f2 [ 1951.103091][ T5893] submit_bh_wbc+0x42a/0x5a8 [ 1951.104086][ T5893] block_read_full_folio+0x6e6/0x90a [ 1951.105076][ T5893] blkdev_read_folio+0x26/0x30 [ 1951.105947][ T5893] filemap_read_folio+0xc2/0x272 [ 1951.106966][ T5893] filemap_get_pages+0x126c/0x1ba0 [ 1951.107885][ T5893] filemap_read+0x366/0xc52 [ 1951.108761][ T5893] blkdev_read_iter+0x164/0x416 [ 1951.109643][ T5893] do_iter_readv_writev+0x55a/0x686 [ 1951.110594][ T5893] vfs_readv+0x414/0x70c [ 1951.111387][ T5893] do_preadv+0x1b4/0x250 [ 1951.112250][ T5893] __riscv_sys_preadv+0x88/0xc4 [ 1951.113107][ T5893] syscall_handler+0x94/0x118 [ 1951.114027][ T5893] do_trap_ecall_u+0x1aa/0x216 [ 1951.114961][ T5893] handle_exception+0x146/0x152 [ 1951.116064][ T5893] [ 1951.116064][ T5893] -> #5 (mapping.invalidate_lock#2){.+.+}-{4:4}: [ 1951.117687][ T5893] lock_acquire.part.0+0x2c4/0x81a [ 1951.118587][ T5893] lock_acquire+0x74/0x98 [ 1951.119548][ T5893] down_read+0xa4/0x45e [ 1951.120310][ T5893] filemap_fault+0x610/0x2c46 [ 1951.121111][ T5893] __do_fault+0xf4/0x4dc [ 1951.121847][ T5893] __handle_mm_fault+0x1c52/0x4394 [ 1951.122851][ T5893] handle_mm_fault+0x48a/0x884 [ 1951.123604][ T5893] __get_user_pages+0xb76/0x35d4 [ 1951.124432][ T5893] populate_vma_page_range+0x24a/0x362 [ 1951.125252][ T5893] __mm_populate+0x1a8/0x390 [ 1951.126081][ T5893] do_mlock+0x2de/0x7de [ 1951.127071][ T5893] __riscv_sys_mlock+0x54/0x74 [ 1951.128220][ T5893] syscall_handler+0x94/0x118 [ 1951.129045][ T5893] do_trap_ecall_u+0x1aa/0x216 [ 1951.129941][ T5893] handle_exception+0x146/0x152 [ 1951.130947][ T5893] [ 1951.130947][ T5893] -> #4 (&mm->mmap_lock){++++}-{4:4}: [ 1951.132417][ T5893] lock_acquire.part.0+0x2c4/0x81a [ 1951.133414][ T5893] lock_acquire+0x74/0x98 [ 1951.134401][ T5893] __might_fault+0xdc/0x138 [ 1951.135209][ T5893] _copy_from_iter+0x120/0x1a32 [ 1951.136059][ T5893] tcp_sendmsg_locked+0x247c/0x3692 [ 1951.136962][ T5893] tcp_sendmsg+0x32/0x4e [ 1951.137725][ T5893] inet_sendmsg+0x9c/0xda [ 1951.138575][ T5893] __sock_sendmsg+0xcc/0x160 [ 1951.139380][ T5893] sock_write_iter+0x2a0/0x3ba [ 1951.140138][ T5893] vfs_write+0x56c/0xa94 [ 1951.140839][ T5893] ksys_write+0x200/0x226 [ 1951.141600][ T5893] __riscv_sys_write+0x6e/0x94 [ 1951.142484][ T5893] syscall_handler+0x94/0x118 [ 1951.143327][ T5893] do_trap_ecall_u+0x1aa/0x216 [ 1951.144486][ T5893] handle_exception+0x146/0x152 [ 1951.145454][ T5893] [ 1951.145454][ T5893] -> #3 (sk_lock-AF_INET){+.+.}-{0:0}: [ 1951.146908][ T5893] lock_acquire.part.0+0x2c4/0x81a [ 1951.147747][ T5893] lock_acquire+0x74/0x98 [ 1951.148532][ T5893] lock_sock_nested+0x38/0xf6 [ 1951.149232][ T5893] inet_shutdown+0x6c/0x41c [ 1951.149979][ T5893] kernel_sock_shutdown+0x58/0x7a [ 1951.150773][ T5893] nbd_mark_nsock_dead+0xb4/0x520 [ 1951.151611][ T5893] recv_work+0x680/0x9d2 [ 1951.152475][ T5893] process_one_work+0x968/0x1f38 [ 1951.153381][ T5893] worker_thread+0x5be/0xdc6 [ 1951.154514][ T5893] kthread+0x28c/0x3a4 [ 1951.155346][ T5893] ret_from_fork+0xe/0x18 [ 1951.156625][ T5893] [ 1951.156625][ T5893] -> #2 (&nsock->tx_lock){+.+.}-{4:4}: [ 1951.157989][ T5893] lock_acquire.part.0+0x2c4/0x81a [ 1951.158899][ T5893] lock_acquire+0x74/0x98 [ 1951.159694][ T5893] __mutex_lock+0x166/0x1082 [ 1951.160425][ T5893] mutex_lock_nested+0x14/0x1c [ 1951.161164][ T5893] nbd_queue_rq+0x3b8/0xe6a [ 1951.161925][ T5893] blk_mq_dispatch_rq_list+0x3f0/0x1ab6 [ 1951.163220][ T5893] __blk_mq_sched_dispatch_requests+0xaee/0x1370 [ 1951.165328][ T5893] blk_mq_sched_dispatch_requests+0xb6/0x17c [ 1951.166449][ T5893] blk_mq_run_hw_queue+0x28c/0x6ba [ 1951.167347][ T5893] blk_mq_flush_plug_list+0x63c/0x1ebe [ 1951.168235][ T5893] __blk_flush_plug+0x270/0x422 [ 1951.169153][ T5893] __submit_bio+0x3ac/0x492 [ 1951.170025][ T5893] submit_bio_noacct_nocheck+0x740/0xe36 [ 1951.171045][ T5893] submit_bio_noacct+0xa96/0x1e04 [ 1951.171868][ T5893] submit_bio+0xc8/0x4f2 [ 1951.172667][ T5893] submit_bh_wbc+0x42a/0x5a8 [ 1951.173501][ T5893] block_read_full_folio+0x6e6/0x90a [ 1951.174456][ T5893] blkdev_read_folio+0x26/0x30 [ 1951.175326][ T5893] filemap_read_folio+0xc2/0x272 [ 1951.176325][ T5893] do_read_cache_folio+0x1e6/0x4d2 [ 1951.177295][ T5893] read_cache_folio+0x4e/0x68 [ 1951.178220][ T5893] read_part_sector+0xc0/0x44c [ 1951.179109][ T5893] read_lba+0x1c8/0x344 [ 1951.180058][ T5893] find_valid_gpt.constprop.0+0x206/0x22f2 [ 1951.181077][ T5893] efi_partition+0x10a/0xa14 [ 1951.181919][ T5893] bdev_disk_changed+0x5de/0x139c [ 1951.182791][ T5893] blkdev_get_whole+0x17c/0x514 [ 1951.183710][ T5893] bdev_open+0x86a/0xfa8 [ 1951.184602][ T5893] blkdev_open+0x2e2/0x396 [ 1951.185454][ T5893] do_dentry_open+0xe8e/0x1946 [ 1951.186423][ T5893] vfs_open+0xbe/0x37c [ 1951.187340][ T5893] path_openat+0x1b70/0x28c2 [ 1951.188178][ T5893] do_filp_open+0x19c/0x35c [ 1951.189082][ T5893] do_sys_openat2+0x174/0x1ca [ 1951.190208][ T5893] __riscv_sys_openat+0x178/0x1fe [ 1951.191124][ T5893] syscall_handler+0x94/0x118 [ 1951.191928][ T5893] do_trap_ecall_u+0x1aa/0x216 [ 1951.192820][ T5893] handle_exception+0x146/0x152 [ 1951.193849][ T5893] [ 1951.193849][ T5893] -> #1 (&cmd->lock){+.+.}-{4:4}: [ 1951.195285][ T5893] lock_acquire.part.0+0x2c4/0x81a [ 1951.196271][ T5893] lock_acquire+0x74/0x98 [ 1951.197155][ T5893] __mutex_lock+0x166/0x1082 [ 1951.197962][ T5893] mutex_lock_nested+0x14/0x1c [ 1951.198919][ T5893] nbd_queue_rq+0xbc/0xe6a [ 1951.199908][ T5893] blk_mq_dispatch_rq_list+0x3f0/0x1ab6 [ 1951.200876][ T5893] __blk_mq_sched_dispatch_requests+0xaee/0x1370 [ 1951.202177][ T5893] blk_mq_sched_dispatch_requests+0xb6/0x17c [ 1951.203399][ T5893] blk_mq_run_hw_queue+0x28c/0x6ba [ 1951.205100][ T5893] blk_mq_flush_plug_list+0x63c/0x1ebe [ 1951.206114][ T5893] __blk_flush_plug+0x270/0x422 [ 1951.207072][ T5893] __submit_bio+0x3ac/0x492 [ 1951.207887][ T5893] submit_bio_noacct_nocheck+0x740/0xe36 [ 1951.208846][ T5893] submit_bio_noacct+0xa96/0x1e04 [ 1951.209785][ T5893] submit_bio+0xc8/0x4f2 [ 1951.210625][ T5893] submit_bh_wbc+0x42a/0x5a8 [ 1951.211410][ T5893] block_read_full_folio+0x6e6/0x90a [ 1951.212233][ T5893] blkdev_read_folio+0x26/0x30 [ 1951.213082][ T5893] filemap_read_folio+0xc2/0x272 [ 1951.214041][ T5893] do_read_cache_folio+0x1e6/0x4d2 [ 1951.214992][ T5893] read_cache_folio+0x4e/0x68 [ 1951.215825][ T5893] read_part_sector+0xc0/0x44c [ 1951.216638][ T5893] read_lba+0x1c8/0x344 [ 1951.217348][ T5893] find_valid_gpt.constprop.0+0x206/0x22f2 [ 1951.218162][ T5893] efi_partition+0x10a/0xa14 [ 1951.218893][ T5893] bdev_disk_changed+0x5de/0x139c [ 1951.219621][ T5893] blkdev_get_whole+0x17c/0x514 [ 1951.220376][ T5893] bdev_open+0x86a/0xfa8 [ 1951.221102][ T5893] blkdev_open+0x2e2/0x396 [ 1951.221982][ T5893] do_dentry_open+0xe8e/0x1946 [ 1951.222799][ T5893] vfs_open+0xbe/0x37c [ 1951.223554][ T5893] path_openat+0x1b70/0x28c2 [ 1951.224362][ T5893] do_filp_open+0x19c/0x35c [ 1951.225159][ T5893] do_sys_openat2+0x174/0x1ca [ 1951.226277][ T5893] __riscv_sys_openat+0x178/0x1fe [ 1951.227227][ T5893] syscall_handler+0x94/0x118 [ 1951.227977][ T5893] do_trap_ecall_u+0x1aa/0x216 [ 1951.228837][ T5893] handle_exception+0x146/0x152 [ 1951.229678][ T5893] [ 1951.229678][ T5893] -> #0 (set->srcu){.+.+}-{0:0}: [ 1951.230934][ T5893] check_noncircular+0x2ba/0x354 [ 1951.231925][ T5893] __lock_acquire+0x2e4e/0x8594 [ 1951.232884][ T5893] lock_sync+0x286/0x504 [ 1951.233866][ T5893] __synchronize_srcu+0xd4/0x292 [ 1951.234898][ T5893] synchronize_srcu+0x172/0x414 [ 1951.235875][ T5893] blk_mq_quiesce_queue+0x12e/0x19e [ 1951.236787][ T5893] elevator_disable+0x76/0x1e8 [ 1951.237689][ T5893] __blk_mq_update_nr_hw_queues+0x3de/0x13d4 [ 1951.238732][ T5893] blk_mq_update_nr_hw_queues+0x32/0x4a [ 1951.240123][ T5893] nbd_start_device+0x140/0xc00 [ 1951.241194][ T5893] nbd_ioctl+0x474/0xd90 [ 1951.241961][ T5893] blkdev_ioctl+0x23c/0xca0 [ 1951.242795][ T5893] __riscv_sys_ioctl+0x18e/0x1e2 [ 1951.243576][ T5893] syscall_handler+0x94/0x118 [ 1951.244406][ T5893] do_trap_ecall_u+0x1aa/0x216 [ 1951.245191][ T5893] handle_exception+0x146/0x152 [ 1951.246042][ T5893] [ 1951.246042][ T5893] other info that might help us debug this: [ 1951.246042][ T5893] [ 1951.247037][ T5893] Chain exists of: [ 1951.247037][ T5893] set->srcu --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#21 [ 1951.247037][ T5893] [ 1951.249094][ T5893] Possible unsafe locking scenario: [ 1951.249094][ T5893] [ 1951.250030][ T5893] CPU0 CPU1 [ 1951.250848][ T5893] ---- ---- [ 1951.251906][ T5893] lock(&q->q_usage_counter(io)#21); [ 1951.253229][ T5893] lock(mapping.invalidate_lock#2); [ 1951.254937][ T5893] lock(&q->q_usage_counter(io)#21); [ 1951.256295][ T5893] sync(set->srcu); [ 1951.257198][ T5893] [ 1951.257198][ T5893] *** DEADLOCK *** [ 1951.257198][ T5893] [ 1951.258238][ T5893] 6 locks held by syz.2.394/5893: [ 1951.259083][ T5893] #0: ff60000019f65998 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x144/0xd90 [ 1951.261098][ T5893] #1: ff60000019f658d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x2a/0x4a [ 1951.264785][ T5893] #2: ff60000019cde7e0 (&q->sysfs_dir_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x210/0x13d4 [ 1951.267483][ T5893] #3: ff60000019cde750 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x21e/0x13d4 [ 1951.269496][ T5893] #4: ff60000019cde228 (&q->q_usage_counter(io)#21){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x224/0x13d4 [ 1951.271770][ T5893] #5: ff60000019cde260 (&q->q_usage_counter(queue)#5){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x224/0x13d4 [ 1951.274246][ T5893] [ 1951.274246][ T5893] stack backtrace: [ 1951.275474][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.2.394 Not tainted 6.13.0-rc3-syzkaller-g6f6ecce59d99 #0 [ 1951.278661][ T5893] Hardware name: riscv-virtio,qemu (DT) [ 1951.280257][ T5893] Call Trace: [ 1951.281321][ T5893] [] dump_backtrace+0x2e/0x3c [ 1951.282969][ T5893] [] show_stack+0x30/0x3c [ 1951.285188][ T5893] [] dump_stack_lvl+0x12e/0x1a6 [ 1951.286949][ T5893] [] dump_stack+0x1c/0x24 [ 1951.288626][ T5893] [] print_circular_bug+0x3a2/0x42c [ 1951.290432][ T5893] [] check_noncircular+0x2ba/0x354 [ 1951.292158][ T5893] [] __lock_acquire+0x2e4e/0x8594 [ 1951.294251][ T5893] [] lock_sync+0x286/0x504 [ 1951.295553][ T5893] [] __synchronize_srcu+0xd4/0x292 [ 1951.296511][ T5893] [] synchronize_srcu+0x172/0x414 [ 1951.297456][ T5893] [] blk_mq_quiesce_queue+0x12e/0x19e [ 1951.298404][ T5893] [] elevator_disable+0x76/0x1e8 [ 1951.299227][ T5893] [] __blk_mq_update_nr_hw_queues+0x3de/0x13d4 [ 1951.300713][ T5893] [] blk_mq_update_nr_hw_queues+0x32/0x4a [ 1951.302394][ T5893] [] nbd_start_device+0x140/0xc00 [ 1951.303884][ T5893] [] nbd_ioctl+0x474/0xd90 [ 1951.305271][ T5893] [] blkdev_ioctl+0x23c/0xca0 [ 1951.306834][ T5893] [] __riscv_sys_ioctl+0x18e/0x1e2 [ 1951.308322][ T5893] [] syscall_handler+0x94/0x118 [ 1951.309735][ T5893] [] do_trap_ecall_u+0x1aa/0x216 [ 1951.311481][ T5893] [] handle_exception+0x146/0x152 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1953.162586][ T59] block nbd2: Receive control failed (result -32) [ 1953.162604][ T58] block nbd2: Receive control failed (result -32) [ 1953.185221][ T5893] block nbd2: shutting down sockets [ 1958.170896][ T20] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1958.608602][ T20] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1959.260969][ T20] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1959.639378][ T20] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1963.887114][ T20] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1963.967505][ T20] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1964.009531][ T20] bond0 (unregistering): Released all slaves [ 1964.548189][ T20] hsr_slave_0: left promiscuous mode [ 1964.563414][ T20] hsr_slave_1: left promiscuous mode [ 1964.605347][ T20] veth1_macvtap: left promiscuous mode [ 1964.607236][ T20] veth0_macvtap: left promiscuous mode [ 1964.609537][ T20] veth1_vlan: left promiscuous mode [ 1964.611481][ T20] veth0_vlan: left promiscuous mode [ 1973.418814][ T20] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1973.839619][ T20] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1974.297757][ T20] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1974.687858][ T20] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1979.299621][ T20] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1979.349943][ T20] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1979.387282][ T20] bond0 (unregistering): Released all slaves [ 1979.829445][ T20] hsr_slave_0: left promiscuous mode [ 1979.841287][ T20] hsr_slave_1: left promiscuous mode [ 1979.880296][ T20] veth1_macvtap: left promiscuous mode [ 1979.881918][ T20] veth0_macvtap: left promiscuous mode [ 1979.898567][ T20] veth1_vlan: left promiscuous mode [ 1979.901959][ T20] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 18:19:32 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff81d00212 mhartid 0000000000000000 mstatus 0000000a000000a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000220 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff861e5138 vstvec 0000000000000000 mepc ffffffff80083676 sepc ffffffff804b6d4a vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 000000008004a000 sscratch 0000000000000000 satp a044b000000b0e75 x0/zero 0000000000000000 x1/ra ffffffff81d001e8 x2/sp ff2000000d176ad0 x3/gp ffffffff899f64c0 x4/tp ff6000001858cec0 x5/t0 6300000000000000 x6/t1 ffe3ffff01a2ed44 x7/t2 63722d302e33312e x8/s0 ff2000000d176b10 x9/s1 ffffffff90d8caa0 x10/a0 ffffffff90d8cae8 x11/a1 000000000000001f x12/a2 0000000000080000 x13/a3 ffffffff81d001e8 x14/a4 1ffffffff21b195d x15/a5 ff2000000006d000 x16/a6 0000000000000003 x17/a7 0000000000000003 x18/s2 0000000000000023 x19/s3 0000000000000000 x20/s4 0000000000000000 x21/s5 0000000000000000 x22/s6 0000000000000000 x23/s7 ffffffff90baece9 x24/s8 dfffffff00000000 x25/s9 fffffffef21b195f x26/s10 0000000000000010 x27/s11 0000000000000010 x28/t3 ffffffff90baecb7 x29/t4 ffe3ffff01a2ed44 x30/t5 ffe3ffff01a2ed45 x31/t6 ffffffff90baecb7 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc 00000000000d46b8 mhartid 0000000000000001 mstatus 0000000a000040a2 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000020 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff861e5138 vstvec 0000000000000000 mepc ffffffff802a7052 sepc 00000000000fb0da vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080048000 sscratch ff6000001a981a40 satp a03dd000000aa171 x0/zero 0000000000000000 x1/ra 0000000000021d84 x2/sp 00007fffe30ec780 x3/gp 000000000028a918 x4/tp 00000000026d8760 x5/t0 0000000000003a98 x6/t1 0000000000000018 x7/t2 000000000000000a x8/s0 0000000000000028 x9/s1 00000000002a0000 x10/a0 ffffffffffffffff x11/a1 00007fffe30ec7dc x12/a2 0000000040000001 x13/a3 0000000000000000 x14/a4 0000000000000000 x15/a5 0000000000000000 x16/a6 0000000064000000 x17/a7 0000000000000104 x18/s2 00007fffe30ec7dc x19/s3 0000000040000001 x20/s4 00000000001b7740 x21/s5 00007fffe30ec830 x22/s6 00000000001dbc10 x23/s7 0000000000000006 x24/s8 00000000000001f4 x25/s9 00000000000f4240 x26/s10 00000000001dbf92 x27/s11 0000000000003a98 x28/t3 0024c58acc000000 x29/t4 ffffffffffffffff x30/t5 0000000491608017 x31/t6 00000000000001f4 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000